CVE-2008-1735 - Denial of Service vulnerability in Bitdefender Antivirus 2008

CVSS 4.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: local, low complexity, bitdefender

Summary

BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service (system crash) via an invalid pointer to the CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.

Vulnerable Configurations

Part: Application
Description: Bitdefender
Count: 1

Seebug

bulletinFamily: exploit
description:
BUGTRAQ ID: 28741
CVE(CAN) ID: CVE-2008-1735

BitDefender Antivirus 2008 is an antivirus product with a powerful anti-virus engine and Internet filtering technology.

BitDefender does not properly validate the pointer to the CLIENT_ID structure supplied to NtOpenProcess; if an invalid pointer is passed, the whole system crashes.

/-----------
NtOpenProcess(PHANDLE ProcessHandle,
              ACCESS_MASK AccessMask,
              POBJECT_ATTRIBUTES ObjectAttributes,
              PCLIENT_ID ClientId )

.text:00010ADE     push    0Ch
.text:00010AE0     push    offset stru_114E8
.text:00010AE5     call    __SEH_prolog
.text:00010AEA     call    KeGetCurrentThread
.text:00010AEF     xor     ebx, ebx
.text:00010AF1     cmp     [eax+140h], bl
.text:00010AF7     jz      short loc_10B0D
.text:00010AF9     call    PsGetCurrentProcessId
.text:00010AFE     call    PsGetCurrentProcessId
.text:00010B03     push    eax
.text:00010B04     call    sub_10724
.text:00010B09     test    eax, eax
.text:00010B0B     jnz     short loc_10B12
.text:00010B0D
.text:00010B0D loc_10B0D:              ; CODE XREF: sub_10ADE+19_j
.text:00010B0D     push    [ebp+ClientId]
.text:00010B10     jmp     short loc_10B73
.text:00010B12
.text:00010B12 loc_10B12:              ; CODE XREF: sub_10ADE+2D_j
.text:00010B12     mov     edi, [ebp+ClientId]
.text:00010B15     cmp     edi, ebx    ; Little check to avoid a Null Pointer
-----------/

Here the pointer to the ClientId value is obtained; if it is non-zero, where it points is ignored.

/-----------
.text:00010B17     jnz     short loc_10B1C
.text:00010B19     push    ebx
.text:00010B1A     jmp     short loc_10B73
.text:00010B1C
.text:00010B1C loc_10B1C:              ; CODE XREF: sub_10ADE+39_j
.text:00010B1C     mov     [ebp+ms_exc.disabled], ebx
.text:00010B1F     mov     esi, [edi]  ; Here it crashes
-----------/

If the memory being accessed is invalid, the system crashes.

/-----------
.text:00010B21     mov     [ebp+var_1C], esi
.text:00010B24     or      [ebp+ms_exc.disabled], 0FFFFFFFFh
.text:00010B28     jmp     short loc_10B3B
.text:00010B28 sub_10ADE endp
-----------/

Softwin BitDefender Antivirus 2008

Softwin
-------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
http://www.bitdefender.com/

id: SSV:3241
last seen: 2017-11-19
modified: 2008-04-30
published: 2008-04-30
reporter: Root
title: BitDefender Antivirus invalid SSDT parameter local denial of service vulnerability